Authentication Clock Skew - ServiceNow Community

Authentication Clock Skew

tiagomacul
Mega Sage

on ‎09-13-2018 05:43 AM

Authentication Clock Skew | Playbook Use Case KB Number: KB0639127 

 

Overview

The number in seconds before notBefore constraint, or after notOnOrAfter constraint, to consider whether it is still valid. Update the SAML property glide.authenticate.sso.saml2.clockskew to a larger value with a default of 60 seconds. Some cases require a setting of 300 or higher. If the identity provider server is connected to a time sync server its time should not be out of sync. The customer’s network team will need to resolve this issue.

PORTUGUÊS

Os segundos antes de notBefore constraint, ou depois notOnOrAfter constraint, para considerar se ainda é válido. Atualize a propriedade SAML glide.authenticate.sso.saml2.clockskew para um valor maior com um padrão de 60 segundos.

Alguns casos exigem uma configuração de 300 ou superior. Se o servidor do provedor de identidade estiver conectado a um servidor de sincronização de horário, seu horário não deverá estar fora de sincronia. A equipe de rede do cliente precisará resolver esse problema.

 

Symptom / Alert  - Sintoma 

SAML2: Could not validate SAMLResponse: no thrown error

Could not validate SAMLResponse

SAML2: SAML2ValidationError: Assertion is valid in the future, 2018-09-12T03:37:30.798-07:00, notBefore: 2018-09-12T10:42:03.145Z: no thrown error

logou succeeded

find_real_file.png

Solution / Solução:

  • For Multi-Provider SSO plugin
    • Navigate to Multi-Provider SSO > Identity Providers
    • Open the identity provider record that is receiving the clock skew
    • Update the Clock Skew field with the delta value calculated + 20
  • For the SAML 2 – Update 1 – Security Enhancements plugin
    • Navigate to the sys_properties table, sys_properties.LIST
    • Search for the following system property name glide.authenticate.sso.saml2.clockskew
    • Update the Clock Skew field with the delta value you calculate + 20

==============================================================================

01. Navigate to the sys_properties table, sys_properties.LIST

Navegue nas propriedades, digite no filtro,  , sys_properties.LIS

T

find_real_file.png

02. Search for property name glide.authenticate.sso.saml2.clockskew

   Procure perla propriedade  glide.authenticate.sso.saml2.clockskew

find_real_file.png

03. Update the Clock Skew field with the delta value calculated + 20

Atualize o Clock Skew com uma diferença calculada para um delta de + 20.

find_real_file.png

 

https://<instance name>.service-now.com/nav_to.do?uri=%2Fsys_properties.do%3Fsys_id%3D056a1d121b00200000009141be071356%26sysparm_record_target%3Dsys_properties%26sysparm_record_row%3D1%26sysparm_record_rows%3D1%26sysparm_record_list%3DnameSTARTSWITHglide.authenticate.sso.saml2.clockskew%255EORDERBYname

 

==============================================================================

==============================================================================

01. Navigate to     Multi-Provider SSO > Identity Providers

    Navegue em: 

find_real_file.png

02.

Selecione seu provedor

find_real_file.png

03. Advanced TAB > Clock Skew

find_real_file.png

 

 

 

 

 

Preview file
18 KB
Preview file
7 KB
Preview file
18 KB
Preview file
50 KB
Preview file
45 KB
Preview file
49 KB
Preview file
7 KB
  • 1,434 Views
Version history
Last update:
‎09-13-2018 05:43 AM
Updated by: